When is an authorization required from the patient before a provider or health plan engages in marketing to that individual?

Answer:

The HIPAA Privacy Rule expressly requires an authorization for uses or disclosures of protected health information for ALL marketing communications, except in two circumstances:

  1. When the communication occurs in a face-to-face encounter between the covered entity and the individual; or 
  2. The communication involves a promotional gift of nominal value.

If the marketing communication involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved.

Still need help? Contact Us Contact Us